Why does Selective Export utility export more than specified Object Type in the filter?


Article ID: 141613


Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Identity Suite

Issue/Introduction

When I tried to use the Selective Export Utility (SelectiveExportUtil) to export all Provisioning Roles whose names contain a particular string, e.g. "BASIC", the resulting output seemed to include other objects (screens, tasks, other roles, etc.).
I ran the following command:

 ./SelectiveExportUtil.sh -user imadmin -pwd ***** -url "http://caim-srv-01:8080/iam/im/ws/identityEnv" -exportTo basic.xml -filter filter.json 

with the filter.json contents as

{
    "criteria": [{
        "objectType": "PROVISIONING ROLE",
        "identifyAttributeName": "NAME",
        "criterion": [{
            "operator": "CONTAINS",
            "values": ["BASIC"]
        }]
    }]
}

The filter does not seem to be functioning properly. Why does this happen?

Environment

Release : 14.3

Component : IdentityMinder(Identity Manager)

Resolution

The Selective Export Utility is functioning as designed. When role definitions are exported, the definitions that match the filter are exported together with their dependencies. For example, if a Provisioning Role has its owner defined as 'member of System Manager role', the System Manager Admin Role is exported as well, and therefore the Admin Tasks that belong to that role, and their dependencies, are also exported. This preserves data integrity.

In the above case, if the filtered Provisioning Roles have imadmin as owner, the exported result will contain only those Provisioning Roles.
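The dependency behavior described above can be modeled as a transitive closure over object references. The following is an added illustration, not the utility's own code or export format: the object names (other than "System Manager" and "BASIC"), the dependency graph, and the case-sensitive CONTAINS match are all constructed assumptions.

```python
from collections import deque

# Constructed sample environment (not real export data). Each object maps to
# the objects it depends on; an owner rule that names the imadmin user
# directly is modeled as "no role dependency", as the article describes.
OBJECTS = {
    ("PROVISIONING ROLE", "BASIC User"): [("ADMIN ROLE", "System Manager")],
    ("PROVISIONING ROLE", "BASIC Contractor"): [],  # owner: imadmin
    ("PROVISIONING ROLE", "Finance Approver"): [("ADMIN ROLE", "System Manager")],
    ("ADMIN ROLE", "System Manager"): [("ADMIN TASK", "Modify User"),
                                       ("ADMIN TASK", "Create User")],
    ("ADMIN TASK", "Modify User"): [("SCREEN", "User Profile Screen")],
    ("ADMIN TASK", "Create User"): [("SCREEN", "User Profile Screen")],
    ("SCREEN", "User Profile Screen"): [],
}

# Same shape as the filter.json shown in the article.
CRITERIA = {"objectType": "PROVISIONING ROLE", "identifyAttributeName": "NAME",
            "criterion": [{"operator": "CONTAINS", "values": ["BASIC"]}]}

def matches(obj, criteria):
    """Apply one criteria entry (only CONTAINS on the name is modeled)."""
    obj_type, name = obj
    if obj_type != criteria["objectType"]:
        return False
    return any(c["operator"] == "CONTAINS" and any(v in name for v in c["values"])
               for c in criteria["criterion"])

def export_closure(objects, criteria):
    """Return (objects matched by the filter, objects pulled in as dependencies)."""
    matched = {o for o in objects if matches(o, criteria)}
    seen, queue = set(matched), deque(matched)
    while queue:  # breadth-first walk over dependency references
        for dep in objects[queue.popleft()]:
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    return matched, seen - matched

if __name__ == "__main__":
    matched, deps = export_closure(OBJECTS, CRITERIA)
    print("matched by filter:       ", sorted(matched))
    print("exported as dependencies:", sorted(deps))
```

Comparing the two sets for an intended export shows which admin roles, tasks and screens would travel with the filtered roles before the file is imported into another environment.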

Additional Information

Selectively Export Role Definitions

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-5/configuring/production-environments/selectively-export-role-definitions.html